I collected the tftp traces at the source network interface using wireshark while downloading a software to destination. When I analysed the TFTP traces I could see missing transmitted packets from the source but could see acknowledgement from the destination. Why is that? Why it couldn't capture the transmitted packets? Is there any thing wrong in the setting? Are the transmitted packets too fast to capture? If so is it possible to capture these packets by modifying any parameters on the wireshark?Please reply. asked 12 Sep '13, 20:59 nsrikant |
One Answer:
Why is that? If the ACK is present, then the capture machine must have dropped packets (or the missing packets were sent on another interface, but that's unlikely). Why it couldn't capture the transmitted packets? Could be several reasons. Is there any thing wrong in the setting? What setting? Are the transmitted packets too fast to capture? Probably not, since each block is acknowledged so the round-trip latency dictates the transmission rate. But how fast is the sender transmitting? If so is it possible to capture these packets by modifying any parameters on the wireshark? Try taking a look at the information provided at the Wireshark Performance wiki page. answered 19 Sep '13, 11:19 cmaynard ♦♦ |
Is this a wired or wireless connection?